Newgensoft

newgensoft

6 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Omniflow Intelligent Business Process Suite

omniflow_intelligent_business_process_suite

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-69908 1Newgensoft 1Omniapp Feb 11, 2026 Jan 23, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.
CVE-2025-65742 1Newgensoft 1Omnidocs Dec 23, 2025 Dec 15, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request.
CVE-2020-35737 1Newgensoft 1Egov Nov 21, 2024 Dec 30, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
CVE-2018-17791 1Newgensoft 1Omniflow Intelligent Business Process Suite Nov 21, 2024 Aug 21, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side...Show more Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion. In the worst case, all available resources are consumed while processing the data, resulting in unavailability of the service to legitimate users. This occurs because non-editable parameters can be modified by manually editing a disabled form field within the developer options.Show less
CVE-2011-3645 1Newgensoft 1Omnidocs Apr 29, 2026 Sep 27, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex par...Show more Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.Show less
CVE-2010-0701 1Newgensoft 1Omnidocs Apr 29, 2026 Feb 23, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.